Product Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Attempting to reproduce this on OSP10 has failed.:

root@harold ~]# ssh stack@undercloud-0

[stack@undercloud-0 ~]$ source stackrc 

(undercloud) [stack@undercloud-0 ~]$ openstack server list
+--------------------------------------+--------------+--------+------------------------+----------------+------------+
| ID                                   | Name         | Status | Networks               | Image          | Flavor     |
+--------------------------------------+--------------+--------+------------------------+----------------+------------+
| ec445e94-b683-46ac-84ac-ccb32c81aaab | controller-0 | ACTIVE | ctlplane=192.168.24.6  | overcloud-full | controller |
| 02b6afd3-2e64-41ba-837e-a0972c9e13ef | compute-0    | ACTIVE | ctlplane=192.168.24.11 | overcloud-full | compute    |
+--------------------------------------+--------------+--------+------------------------+----------------+------------+

(undercloud) [stack@undercloud-0 ~]$ ssh heat-admin.24.6

[heat-admin@controller-0 ~]$ oslopolicy-policy-generator --namespace keystone
"identity:delete_project": "rule:admin_required"
"identity:list_revoke_events": "rule:service_or_admin"
"identity:revoke_system_grant_for_group": "rule:admin_required"

<snip>

"identity:list_system_grants_for_user": "rule:admin_required"
"identity:list_registered_limits": ""
"identity:delete_region": "rule:admin_required"

This worked for cinder and nova as well. I believe we can close this.

Per comment#2, I don't think the bug is reproducible. Closing as WORKSFORME. Pleease re-open if you encounter the issue again.